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DETAILED ACTION 
Remarks 

1 . In response to communications files on 14-May-2007. Claims 24, 26, 36-41 are amended 
and claims 42-44 are added by Applicant's request. Therefore, claims 24-44 are presently 
pending in the application. 

Claim Rejections - 35 USC § 112 

2. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

3. Claims 24 and 42 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply 
with the written description requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to reasonably convey to one skilled in the relevant 
art that the inventor(s), at the time the application was filed, had possession of the claimed 
invention. Claim 24, lines 3-4 and 10 and claim 42, line 1 said M a first set of security association 
information" and "a second set of security association information", the examiner can not find 
this two set on the specification. 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made 
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to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claims 24-26, 28-32, 36-41, and 43-44 are rejected under 35 U.S.C. 103(a) (Eff. Filing 

date of claims benefit application: 9/23/1999) as being unpatentable by Leung (U.S. patent 

6,760,444) (Eff. Filing date of application: 1/8/1 999 ); in view of Gunter et al . (U.S. patent 

6,751,728) (Eff. Filing date of application: 6/16/1999); and further in view of Chang et al . (U.S. 

patent 6,862,278) (Eff. Fling date of application: 6/18/1998). 

As to claim 24, Leung teaches a device, comprising: 

a distributor unit in the device that distributes a plurality of packets and a first set of 
security association information for each of the plurality of packets according to a distribution 
scheme and updates a second set of security association information for one or more of the 
plurality of packets (see figure 1; column 2, lines 57-67; column 3, lines 1-15; col. 4, lines 52-56, 
and column 7, lines 33-50); and 

wherein each of the plurality of security processing engines receives a packet and at least 
a portion of the first set of security association information associated with the packet (see 
column 4, lines 32-62; column 6, lines 7-46; column 7, lines 336-50; and claims 1-3), and 

Leung does not teach a plurality of security processing engines in the device, coupled to 
the distributor unit, configurable to perform authentication, encryption, or decryption functions. 

Gunter el al . teaches a system and method of transmitting encrypted packets through a 
network access point (see abstract), in which he teaches a plurality of security processing engines 
in the device, coupled to the distributor unit, configurable to perform authentication, encryption, 
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or decryption functions (see abstract; figures 1, 3, 5, characters 1 12 and 1 16, and 8, character 

152; column 1, lines 66-67; and column 2, lines 1-9). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Gunter et al., because a plurality 
of security processing engines in the device, coupled to the distributor unit, configurable to 
perform authentication, encryption, or decryption functions, would enable the method because 
"When the NAP receives such an encrypted packet intended for a host on its intranet, it cannot 
perform the address translation by simply replacing the original destination address with the 
intranet address of the receiving host. 

This is because the original destination address is used to generate the hash value in the 
packet. When the receiving host receives the modified packet, it decrypts the encrypted portion 
and authenticates the packet by calculating another hash value based on the addresses and data 
in the received packet, and comparing this hash value with the hash value included in the 
packet", (see column 1, lines 65-67 and column 2, lines 1-9). 

Leung does not teach wherein the plurality of security processing engines process the 
plurality of packets in parallel. 

Chang et al . teaches system and method using a packetized encoded bitstream for parallel 
compression and decompression (see abstract), in which he teaches wherein the plurality of 
security processing engines process the plurality of packets in parallel (see column 2, lines 32- 
39). 
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It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Chang et ah, because wherein 
the plurality of security processing engines process the plurality of packets in parallel, would 
enable the method because "Since each packet has a fixed-length with a tag field for directing, a 
distributor can efficiently send different packets to different decoder units which can then 
process the packets in parallel", (see column 2, lines 32-39). 

As to claim 25, Leung as modified teaches wherein the plurality of packets are buffered 
prior to being processed by the plurality of security processing engines (see Gunter et ah column 
3, lines 64-67 and column 4, line 1). 

As to claim 26, Leung as modified teaches the device further comprising a classification 
module that determines security association information associated with each packet in the 
plurality of packets, wherein the classification module is configured to provide at least a portion 
of the security information associated with each packet to the distributor unit (see Gunter et ah 
column 10, lines 19-23 and column 10, lines 33-35). 

As to claim 28, Leung as modified teaches wherein the security association information 
includes a sequence number, an anti-replay window, and a lifetime of the security association 
(see Leung, column 3, lines 45-67 and column 4, lines 1-4). 
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As to claim 29 5 Leung as modified teaches wherein the security association information 
further includes an encapsulating security payload (ESP) encryption algorithm identifier and one 
or more ESP encryption keys (see Gunter et aL column 7, lines 33-39). 

As to claim 30, Leung as modified teaches wherein the security association information 
further includes an ESP authentication algorithm identifier and one or more ESP authentication 
keys (see Gunter et aL column 7, lines 33-39). 

As to claim 31 Leung as modified teaches wherein the security association information 
further includes an authentication header (AH) authentication algorithm identifier and one or 
more AI-1 authentication keys (see Gunter et aL figure 5; column 2, lines 4-9; and column 8, 
lines 22-27). 

As to claim 32, Leung as modified teaches wherein the security association information 
includes protocol mode information (see Gunter et al ., column 7, lines 10-19). 

As to claim 36, Leung as modified teaches wherein the device is a router (see Gunter et 
al, column 4, lines 44-46 and column 5, lines 48-5 1). 

As to claim 37, Leung as modified teaches wherein the device is a firewall (see Gunter et 
al, column 1, lines 32-35 and column 5, lines 34-37). 



Application/Control Number: 09/6 10,798 Page 7 

Art Unit: 2164 

As to claim 38, Leung as modified teaches wherein the device is a network 
communication device (see Gunter et al abstract and column 1 , lines 7-11). 

As to claim 39, Leung as modified teaches wherein the device is a security gateway (see 
Gunter et ah column 5, Lines 35-38). 

As to claim 40, Leung as modified teaches wherein the device is a server (see Gunter et 
al, column 1, lines 24-26; column 6, lines 44-49; and column 6, lines 62-64). 

As to claim 41, Leung as modified teaches wherein the device is a network line card (see 
Gunter et al column 4, lines 14-22). 

As to claim 43, Leung as modified teaches wherein the distributor unit includes a 
memory configured to store a copy of the security association information associated with each 
packet being processing by the plurality of security processing engines (see Gunter et al., col. 3, 
lines 48-53; col. 3, lines 64-67 and col. 4, line 1)), 

As to claim 44, Leung as modified teaches wherein the memory is further configured to store 
a copy of the security association information associated with each packet being buffered by the 
plurality of security processing engine(see Gunter et al., col. 3, lines 48-53). 



6. Claim 27 is rejected under 35 U.S.C. 103(a) (Eff. Filing date of claims benefit 
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application: 9/23/1999) as being unpatentable by Leung (U.S. patent 6,760,444) (Eff. Filing date 
of application: 1/8/1 999 ); in view of Gunteretal. (U.S. patent 6,751,728) (Eff. Filing date of 
application: 6/16/1999); and further in view of Chang et al . (U.S. patent 6,862,278) (Eff. Fling 
date of application: 6/18/1998) as applied to claims 24-26, 28-32, and 36-41 above, and further 
in view of Barlow et al . (U.S patent 6,038,551) (Eff. Fling date of application: 3/1 1/1996). 

As to claim 27, Gunter et al . does not teach wherein the distributor unit and the plurality 
of security processing engines are on the same chip. 

Barlow et al . teaches system and method for configuring and managing resources on a 
multi-purpose integrated circuit card using a personal computer (see abstract), in which he 
teaches wherein the distributor unit and the plurality of security processing engines are on the 
same chip (see column 7, lines 42-45 and column 11, lines 43-53). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Barlow et al. , because wherein 
the distributor unit and the plurality of security processing engines are on the same chip, would 
enable the system because, in the illustrated embodiment, the IC card 14 is configured with 
cryptography acceleration circuitry 64, shown integrated with the CPU 50, which streamlines 
cryptography computations to improve speed (see Barlow et al ., column 1 1, lines 43-47). 

, 7. Claim 33 is rejected under 35 U.S.C. 103(a) (Eff. Filing date of claims benefit 
application: 9/23/1999) as being unpatentable by Leung (U.S. patent 6,760,444) (Eff. Filing date 
of application: 1/8/1 999 ); in view of Gunter et al . (U.S. patent 6,751,728) (Eff. Filing date of 
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application: 6/16/1999); and further in view of Chang et ah (U.S. patent 6,862,278) (Eff. Fling 
date of application: 6/18/1998) as applied to claims 24-26, 28-32, and 36-41 above, and further 
in view of Robinson (U.S patent 5,734,829) (Eff. Filing date of application: 10/20/1995). 

As to claim 33, Leung does not teach wherein the distribution scheme is a round-robin 
distribution scheme, wherein the distributor unit selects a next available security processing 
engine in a round-robin manner. 

Robinson teaches a method and program for processing a volume of data on a parallel 
computer system (see abstract) in which he teaches wherein the distribution scheme is a round- 
robin distribution scheme, wherein the distributor unit selects a next available security 
processing engine in a round-robin manner (see column 2, lines 43-51). 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Robinson , wherein the 
distribution scheme is a round-robin distribution scheme, wherein the distributor unit selects a 
next available security processing engine in a round-robin manner, would enable the system to 
reduce the throughput time as taught in Robinson (Col. 2, lines 5-9). 

8. 9. Claims 34-35 is rejected under 35 U.S.C. 103(a) (Eff. Filing date of claims benefit 
application: 9/23/1999) as being unpatentable by Leung (U.S. patent 6,760,444) (Eff. Filing 
date of application: 1/8/1 999 ); in view of Gunter et al . (U.S. patent 6,751,728) (Eff. Filing date 
of application: 6/16/1999); and further in view of Chang et al . (U.S. patent 6,862,278) (Eff. Fling 
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date of application: 6/18/1998) as applied to claims 24-26, 28-32, and 36-41 above, and further 
in view of M artin OJ.S patent 5,867,706) (Eff Filing date of application: 12/19/1996). 

As to claims 34 and 35, Leung does not teach the device further comprising an order 
maintenance packet retirement unit and wherein the distributor unit assigns packets for 
processing to a next available security processing engine regardless of the order received and the 
order maintenance packet retirement unit outputs the processed packets such that packet order is 
maintained. 

Martin discloses that each processor contains a load determining means that determines 
activity for the processor and is ultimately used by the decision means to decide which processor 
should service a client request (Abstract), which meets the limitation of the distributor unit 
assigns packets for processing to a next available security processing engine regardless of the 
order received and the order maintenance packet retirement unit outputs the processed packets 
such that packet order is maintained. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Leung by the teaching of Marti n, because the system 
further comprising an order maintenance packet retirement unit and wherein the distributor unit 
assigns packets for processing to a next available security processing engine regardless of the 
order received and the order maintenance packet retirement unit outputs the processed packets 
such that packet order is maintained, would enable the system "Decision means (90) is then 
used which, for each reference to a subsequent block of information in the file constructed by 
the block retrieval means (80), determines, based on the load distribution record, which 
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processor should service a request from the client computer (50) for that subsequent block of 
information, and includes an address for that processor in the file constructed by the block 
retrieval means (80)", (see abstract). 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Belix M. Ortiz whose telephone number is 571-272-4081 . The 
examiner can normally be reached on moday-friday 9am-5pm. 

The fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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